aws_ssm_document should be deleted/recreated when it can't be versioned

[jfharden]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

0.11.11

Affected Resource(s)

• aws_ssm_document

Terraform Configuration Files

resource "aws_ssm_document" "session_manager_preferences" {
  name            = "SSM-SessionManagerRunShell"
  document_type   = "Session"
  document_format = "JSON"

  content = <<DOC
{
    "schemaVersion": "1.0",
    "description": "Document to hold regional settings for Session Manager",
    "sessionType": "Standard_Stream",
    "inputs": {
        "s3BucketName": "example-bucket",
        "s3KeyPrefix": "example-path/",
        "s3EncryptionEnabled": true
    }
}
DOC
}

Expected Behavior

When the resource has been changed outside terraform, terraform detects the change and changes the document back, given than versioning isn't supported prior to ssm document schema version 2.0 I would expect those to be recreated, not ignored.

Actual Behavior

Terraform ignores the change.

Steps to Reproduce

1. Delete the SSM-SessionManagerRunShell document that exists by default with aws cli command: aws ssm delete-document --name SSM-SessionManagerRunShell (This is because of a separate issue which isn't relevant here).
2. Apply the document resource above
3. In the aws console edit the preferences for session manager sessions and change the bucket prefix (you will also need to deselect cloudwatch logging due to a bug in the aws UI)
4. Apply the document resource above (and see no changes)

[bflad]

Hi folks 👋 In #9313, which was just merged for release in Terraform AWS Provider version 2.19.0 later today, we did a few things in this regard:

• Verified via a new acceptance test that schema version 1.0 SSM Documents do properly update-in-place (maybe there was a previous restriction that is no longer)
• Ensured that the content argument in the resource is always refreshed into the Terraform state so it appropriately shows out of band changes
• Added resource import support, which will allow you to assume management of existing SSM Documents (potentially like SSM-SessionManagerRunShell)

These combined should be hopefully cover everything here to ensure the Terraform resource is doing what it should in this case, but if not please feel free to submit further bug reports or feature requests. Thanks!

[bflad]

The above mentioned changes have been released in version 2.19.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!